Network management control
While access controls and change controls prevent unauthorized network access and unscheduled network changes, network management control offers rich benefits such as immediate fault detection, fault isolation and identification of the problem, and corrective or preventive measures that can be enforced.
The presence of a flexible and powerful NMS is an important prerequisite for network management control. Depending on the network's complexity, the NMS can follow either a centralized or a distributed model.
The first step towards effective network management control is to monitor the critical network elements such as routers, switches, firewalls, authentication servers and wide-area links. Monitoring these key network devices falls into two categories:
- Status monitoring
- Performance monitoring
Status monitoring ascertains whether the monitored device is available on the network by polling it at regular intervals. (A five-minute polling interval is widely implemented on most networks.) Each poll maps to one of two status indicators: Up or Down. While various commercial and open-source NMS products are available, the ping utility is the most basic and popular tool for carrying out this task.
The status indicators can be sent to the relevant network personnel as an audio or visual alert. Faults can then be detected and isolated immediately, which helps reduce the problem resolution time.
Performance monitoring helps in gathering important data on CPU utilization and memory utilization for these network devices. Information on wide-area link utilization can also be gathered.
The collected data can then be used for baselining the performance of the network device with respect to the load it currently handles and the maximum load it can handle, as per device specifications. This helps in planning for future capacity and in monitoring the key metrics for performance-related issues.
Average and peak link utilization figures will also indicate the peak and non-peak times with respect to service usage. Based on pre-defined thresholds, link upgrades can be planned well in advance. The performance data is collected using the SNMP (v2) protocol over five-minute sampling intervals.
In the case of the authentication server, the amount of time taken to connect to the server and receive an authorization accept or reject can be analyzed for baselining the application performance. An automated script can be scheduled to run at 15-minute intervals. This script can be run on the NMS or on a dedicated system. Additionally, the server's CPU/memory utilization can also be monitored.
Performance monitoring analysis can help in planning and implementing preventive measures. As the old adage goes, prevention is better than cure.
Configuration control
Most networks today use devices like routers, firewalls, switches and other specialized devices such as VoIP gateways and VPN gateways. What makes each of these devices unique within a network is the logical configuration associated with it.
Without this logical configuration, the device cannot perform any of the tasks it is supposed to do. Building this logical configuration takes a good amount of time and effort and involves standardization of certain settings for better performance and compliance with best practices.
Therefore, one of the most important aspects of network management is central storage of the logical configuration data for all the network elements like routers, switches, load balancers, traffic shapers, firewalls and other network devices. This central repository will need to be updated as and when configuration changes occur on the network.
The repository can then be used for providing the latest configuration backups in the event of device (hardware) failure or other problems. Configuration changes can also be audited for better control.
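A minimal sketch of the central configuration repository described above, added here as an example and not part of the original article: it stores a new version only when a device's configuration has changed, keeps the latest copy for restore, and appends an audit record listing the changed lines. The `ConfigRepo` class, the device name and the sample configurations are constructed for illustration; retrieving the configuration from the device is assumed to happen elsewhere.

```python
import difflib
import hashlib
import json
import tempfile
from pathlib import Path

class ConfigRepo:
    """Central store: one directory per device, one numbered file per version."""
    def __init__(self, root):
        self.root = Path(root)

    def _versions(self, device):
        devdir = self.root / device
        return sorted(devdir.glob("*.cfg")) if devdir.is_dir() else []

    def latest(self, device):
        """Most recent stored config, i.e. the backup to restore after a failure."""
        versions = self._versions(device)
        return versions[-1].read_text() if versions else None

    def commit(self, device, config, who):
        """Store config only if it changed; append and return an audit record."""
        previous = self.latest(device)
        if previous == config:
            return None  # nothing changed since the last collection
        version = len(self._versions(device)) + 1
        (self.root / device).mkdir(parents=True, exist_ok=True)
        (self.root / device / f"{version:06d}.cfg").write_text(config)
        diff = list(difflib.unified_diff((previous or "").splitlines(),
                                         config.splitlines(), lineterm=""))
        record = {"device": device, "version": version, "who": who,
                  "sha256": hashlib.sha256(config.encode()).hexdigest(),
                  # diff[2:] skips the two file-header lines of the unified diff
                  "changed": [l for l in diff[2:] if l.startswith(("+", "-"))]}
        with (self.root / "audit.log").open("a") as log:
            log.write(json.dumps(record) + "\n")
        return record

# Constructed sample configurations (not taken from a real device).
V1 = "hostname edge-rtr1\naccess-list 10 permit 192.0.2.0 0.0.0.255\n"
V2 = "hostname edge-rtr1\naccess-list 10 permit any\n"

def demo():
    """Commit V1, an unchanged collection, then V2; return records and stored state."""
    with tempfile.TemporaryDirectory() as root:
        repo = ConfigRepo(root)
        first = repo.commit("edge-rtr1", V1, "nms-poller")
        unchanged = repo.commit("edge-rtr1", V1, "nms-poller")
        second = repo.commit("edge-rtr1", V2, "nms-poller")
        entries = (Path(root) / "audit.log").read_text().splitlines()
        return first, unchanged, second, repo.latest("edge-rtr1"), len(entries)
```

The audit record for the second commit shows the access list widening from one subnet to `any`, which is the kind of change a configuration audit exists to surface.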
- Badri Narayan